Switching users and sync bubble for EDU mode

ABSTRACT

Systems and methods are disclosed for implementing an educational mode on a portable computing device, such as a tablet computer, that is a single-user system, used serially by multiple users. Each user can have a separate user storage that may be encrypted. The computing device boots as a system user to a login screen. A first student user enters user credentials into the login screen. The computing device can reboot the user-space processes, while leaving the kernel running, rebooting the computing device as the first student user. When the first student user logs out, data to be synchronized to, e.g., the cloud, can be synchronized for the first student user while a second student user is logged into the device.

TECHNICAL FIELD

This disclosure relates to the fields of multiple, single usersutilizing a computing device.

BACKGROUND

Modern classrooms utilize tablet computers as teaching tools in theclassroom. Many schools will purchase a single tablet computer for eachseat in a classroom, rather than requiring each student to purchase herown tablet computer. When a class begins, each student in the class willlog in to the tablet device at her seat in the classroom. When a classends, students will all log out, saving their work to disk and/orsynchronizing their work to cloud storage. The students will then leavethe tablet computer at their respective seats in the classroom. When thenext class in the classroom begins, each student of the next class willlog in to use the tablet computer at her respective seat in theclassroom.

When a class ends, the saving to disk and/or synchronizing to cloudstorage of the work of all students in the classroom can cause a spikein classroom network usage that slows down the network and savingprocess. Further, student work, or classwork, such as animations,graphics, video, and other data can be very large, both on a per studentbasis and on a total for the classroom basis, further delaying thesaving of the student data for a class. A tablet computer typically doesnot have sufficient computing resources to allow a previous student'scomputing processes to complete and to defer logout of the previousstudent, while simultaneously allowing a subsequent student to log inand begin work on the same tablet computer. Also, current tabletcomputers do not offer per-user data encryption on the tablet computer.

SUMMARY OF THE DESCRIPTION

Systems and methods are disclosed for implementing an educational modeon a portable computing device, such as a tablet computer, that is asingle-user system, used serially by multiple users. Each user can havea separate user storage that may be encrypted. The computing deviceboots as a system user to a login screen. A first student user can entertheir user credentials into the login screen. The computing device canreboot the user-space processes, while leaving the kernel running,rebooting the computing device as the first student user. When the firststudent user logs out, data to be synchronized to, e.g., the cloud orlocal network storage, can be synchronized for the first student userwhile a second student user is logged into the device. In an embodiment,data to be synchronized to, e.g. the cloud or local network storage, canbe synchronized for the first user while the computing device is bootedto the login screen as the system user. Management of the boot andreboot processes can be performed by a user manager daemon.

A synchronization manifest can include a synchronization task for eachdata source for a first student user. A synchronization task can includeinformation that enables a synchronization daemon to access the data tobe synchronized, and obtain an access key or keys to the service thatwill be used in the synchronization. The synchronization manifest can bepersisted across users such that when a second student user logs in, thesynchronization manifest of the first user can be processed tosynchronize the first user's data while the second student user utilizesthe device. The synchronization manifest for a first user can be storedin system storage, the client device user-space can be rebooted to asecond user, then the tasks in the manifest of the first user can beperformed while the second user performs her work. In an embodiment, themanifest tasks of the first user are performed in the background ofuser-space, while the work of the second user is performed in theforeground of user-space.

In another embodiment a non-transitory computer readable can storeexecutable instructions, that when executed by a processing system, canperform any of the functionality described above.

In yet another embodiment, a processing system coupled to a memoryprogrammed with executable instructions can, when the instructions areexecuted by the processing system, perform any of the functionalitydescribed above.

Some embodiments described herein can include one or more applicationprogramming interfaces (APIs) in an environment with calling programcode interacting with other program code being called through the one ormore interfaces. Various function calls, messages or other types ofinvocations, which further may include various kinds of parameters, canbe transferred via the APIs between the calling program and the codebeing called. In addition, an API may provide the calling program codethe ability to use data types or classes defined in the API andimplemented in the called program code.

Other features and advantages will be apparent from the accompanyingdrawings and from the detailed description.

BRIEF DESCRIPTION OF THE DRAWINGS

Embodiments of the invention are illustrated by way of example, and notby way of limitation, in the figures of the accompanying drawings inwhich like reference numerals refer to similar elements.

FIG. 1 illustrates, in block form, an educational computing environmentaccording to some embodiments.

FIG. 2 illustrates, in block form, internal components of a clientsystem in an educational computing environment, according to someembodiments.

FIGS. 3A through 3F illustrate a example displays of a method of loggingin and logging out of users of a client system in an educationalcomputing environment, according to some embodiments.

FIGS. 4A through 4C illustrate a method of logging in and logging out ofusers of a client system in an educational environment, according tosome embodiments.

FIG. 5 illustrates a method of booting, or rebooting, user-space of aclient system during logging in and logging out of a client system in aneducational computing environment, according to some embodiments.

FIG. 6 illustrates a method of tearing down user-space of a clientsystem in a computing environment, after logging in to the clientsystem, according to some embodiments.

FIG. 7 illustrates a method of generating a manifest of user data itemsfor synchronization after a user-space reboot of a client system in aneducational computing environment, according to some embodiments.

FIG. 8 illustrates a method of processing a synchronization manifest ofuser data items for synchronization after a user-space reboot of aclient system in an educational computing environment, according to someembodiments.

FIGS. 9A and 9B illustrate a method of operation 900 of a user managerdaemon according to some embodiments.

FIG. 10 illustrates in block diagram form, a data synchronization systemhaving a plurality of clients in an educational computing environment,according to some embodiments.

FIG. 11 illustrates an exemplary embodiment of a software stack usablein some embodiments of the invention.

FIG. 12 is a block diagram of one embodiment of a computing system.

DETAILED DESCRIPTION

In the following detailed description of embodiments, reference is madeto the accompanying drawings in which like references indicate similarelements, and in which is shown by way of illustration manners in whichspecific embodiments may be practiced. These embodiments are describedin sufficient detail to enable those skilled in the art to practice theinvention, and it is to be understood that other embodiments may beutilized and that logical, mechanical, electrical, functional and otherchanges may be made without departing from the scope of the presentdisclosure. The following detailed description is, therefore, not to betaken in a limiting sense, and the scope of the present invention isdefined only by the appended claims.

FIG. 1 illustrates, in block form, an educational computing environmentaccording to some embodiments. An educational computing environment caninclude a plurality of client computing devices (“client devices”) 100,a teacher workstation 110, one or more backup server(s) 120 and one ormore cloud service(s) 130, and one or more web service(s) 140,communicatively coupled via network 150.

Network 150 can be any type of network, such as Ethernet, Token Ring,Firewire, USB, Fibre Channel, or other network type.

A client device 100 can be any computing device, such as described withreference to FIG. 12, below. A client device 100 can be a tabletcomputer, such as the Apple® iPad®. Tablet computers are configured tobe operated by one student at a time. Multiple different students mayserially use the same tablet computer 100 over multiple classroomsessions. Each student can generate substantial amounts of data that, atthe end of a classroom session, may need to be synchronized with one ormore cloud services 130, stored to one or more backup server(s) 120, orsynchronized with one or more web service(s) 140 (collectively, “synch'dup”). Student user data can also be stored on the client device 100. Inan embodiment, the student user data stored for different students onthe same client device 100 can be encrypted on a per-student basis. Inan embodiment, encryption of student data on client device 100 can beformed using login credentials (a “passcode”) as a portion of theencryption key. In an embodiment, an encryption key that encrypts astudent user's data can be derived from the student user's passcode.

Client devices 100 can be provisioned to support an educational (“EDU”)mode of operation. Such provisioning can include configuring a clientdevice 100 to display a login interface that is configured for aparticular school, classroom, or teacher, or student. In an embodiment,a login interface presented to a student user of a client device 100 candisplay classes that are given in the room in which the student will usethe client device 100. A login interface can further display a list ofstudents in a particular class, in response to a student selecting aparticular class listing. In an embodiment, a student can be presented alogin prompt and the student enters a student user passcode to accessthe client device 100. The passcode can also provide access to cloudstorage service(s) 130, backup server(s) 120, or web service(s) 140.

Client devices configured to operate in EDU mode can further beconfigured to perform data synchronization tasks of a first user duringoperating of the client device 100 by a second, subsequent user. In anembodiment, the data synchronization task(s) of the first user can beperformed as background tasks while the second, subsequent user operatesthe client device 100 using foreground processing.

A teacher work station 110 can comprise a desktop computer, such as anApple® iMac®, a tablet computer, such as an Apple® iPad®, or othercomputing device 110 as described with reference to FIG. 12, below. Ateacher work station 110 can be configured to initiate a log out of allstudents that are currently logged in to a classroom session of theteacher. For example, 5 minutes before the end of a class, the teachercan initiate a logout of all students. In response to theteacher-initiated logout of all students, client devices 100 can beginidentifying data that needs to be stored or synchronized to backupserver 120, cloud service 130, or web service 140. If synchronization ofthe client device 100 data requires more than a predetermined timeoutperiod, such as 1 minute or 3 minutes, then the synchronization taskscan be stored in a synchronization manifest for the student user. When asecond, subsequent user logs in to the client device 100, the secondsubsequent user can operate the client device 100 in foreground mode,while the synchronization tasks for the first student user run in thebackground.

Backup server 120 can comprise a computing system 1100 as described withreference to FIG. 12, below. In an embodiment, backup server 120 canstore each user's data in an encrypted form. In an embodiment, theencryption can be based on, or derived from, the student user's passcodekey.

Cloud services 130 can include cloud-based services such as AppleiCloud®, Google Docs, a cloud storage service, or other service to whichclient device 100 can synchronize data between the client device 100 andcloud storage service 130.

Web services 140 can include email, social networks, on-line classrooms,document storage services, such as Dropbox®, and other web-basedservices

FIG. 2 illustrates, in block form, internal components of a clientdevice 100 in an educational computing environment, according to someembodiments.

Internal components of client device 100 can include storages 201-203,operating system 210, including kernel 215, and user-space processes220. Internal components of client device 100 can communicate viainterprocess communication, messaging, shared memory, sockets, or othercommunication channels.

Storages 201-203 can include RAM, ROM, flash memory, a hard disk, asolid state disk, CD-ROM, DVD-ROM, rewriteable media, or other storagemedium.

User information storage 201 can include a library of useridentification information such as student users that have accessed, orare permitted to access, the client device 100 that contains the userinformation storage 201. User information storage 201 can furtherinclude information about each such student user, including a picture ofthe student user, a student name, student identification number, andother student-related information.

System storage 202 can include a system cache that can be persistedacross users and reboots of the user-space, a “keybag” for a studentuser that is currently logged in on the client device 100,synchronization manifest(s), a display screen image that is to bedisplayed during transition from a login interface 254 as a system userto student user home page interface when the student user is logged in.A keybag can comprise a data structure that contains access keys for astudent user, wherein each access key provides access to one of: astudent user local storage 203, a backup server 120, one or more cloudservices 130, or one or more web services 140. When a student user logsin using client device 100, login credentials can be authenticated andthe one or more access keys can be generated from the login credentials.Login credentials are not stored locally. Login credentials can beauthenticated at the backup server 120, cloud service(s) 130, or webservice(s) 140. The keybag of the current student can be stored in asystem cache in system storage 202. The system cache can be persistedacross reboots of user-space during a power sequence. System storage 202can also include a synchronization manifest for each of one or morestudent users.

A synchronization manifest for a student user can include a list ofsynchronization tasks to be performed on behalf of a first student user,while the client device 100 is being used by a second student user. Asynchronization manifest can contain a synchronization task datastructure for each item of data to be synchronized. A synchronizationtask can include a handle to a data structure to access the data to besynchronized, a handle to the application that generated the data to besynchronized, a keybag or pointer to a keybag, that contains an accesskey to that enables access for that student user to the service (e.g.backup server 120, cloud service 130, or web service 140) for eachsynchronization task, check-pointing information that indicates progressand current state of the synchronization task, scheduling informationfor scheduling the synchronization task with respect to othersynchronization tasks in the synchronization manifest, and otherinformation that facilitates completion of the synchronization task.There can be a synchronization manifest for each of multiple studentusers in system storage 202 at a time. Synchronization manifests can bequeued and scheduled according to scheduling logic, such as shortesttask first, first-in-first-out, largest task first, data related toexaminations first, and the like.

System storage 202 can further include a system cache that storesinformation that can be persisted across student users and user-spacereboots, such as keybags, synchronization manifests, a login screen tobe displayed during a user-space reboot, or a logout screen that isdisplayed while logout processes are being completed and user-space isbeing rebooted.

User storage 203 can include data storage, such as one or morecontainers, in which each student can store their respective classroomsession data. In an embodiment, each student's data can be encrypted. Inan embodiment, encryption can be based at least in part on a keygenerated at least in part using the student user's passcode or otheruser credentials.

User-space processes 220 can include a launch daemon 230 (“LD”). Launchdaemon 230 is an early boot task that can launch other daemons such as auser manager daemon 240, a user session manager 250 or synchronizationdaemon. User-space processes can further include background processes260 and other processes within user-space 220. Other processes caninclude user applications 251 and 252, student user interface 253, andlogin interface 254. Launch daemon 230 can launch user manager daemon240 (“UMD”) as an early boot task. Functionality of user manager daemon240 can be exposed via user manager framework 241. Calls to a frameworkor application programming interface (“API”) are described below withreference to FIG. 11.

User manager daemon 240 can access user information data store 201 toretrieve the identification of a user of the client device 100. The userinformation can be passed to, e.g., login interface 254 or student userinterface 253 to display user identification information while theclient device 100 logs in a user or logs out a user. User manager daemon240 can act as an arbiter, or traffic manager, that facilitates log inand log out of users. User manager daemon 240 can launch, or cause to belaunched, user session manager 250 (“USM”). User manager daemon 240 candetermine whether the computing device is performing a boot e.g. a hardpower on boot or device restart) and determine that the client device100 should boot as the system user, to the login screen.

User session manager 250 can present an appropriate user-specific userinterface for display to a student user. For example, during a boot orreboot to a login screen, USM 250 can launch login interface 254 toobtain login credentials from a user. During a logout process, USM 250can present a logout message on the student user interface 253 that isspecific to a particular user. In an embodiment, student user interface253 displays a status of a logout process while a logout and user-spacereboot takes place. User-space processes, such as USM 250, userapplications 251 and 252, login user interface 254, and student userinterface 253, can register with UMD 240 to receive a notification thata “User Switch Request” has been made. A user switch request indicatesthat user-space processes are to begin saving application state,generating synchronization tasks for storage in a synchronizationmanifest, and begin shutting down. Each user-space process, e.g.251-254, can notify UMD 240 when the process is about to be shut down bysending UMD 240 a “Ready to Switch Users” notification. In anembodiment, shutting down an application 251-254 includes determiningapplication data that needs to be synchronized to, e.g., a cloud service130 and storing a synchronization task record in a synchronizationmanifest in system storage 202 for retrieval after reboot of user-spaceto another student user.

Background processes 260 can include daemons, e.g. cloud daemon 261,cloud docs daemon 262, and web work daemon 263. Daemons 261-263 canspawn processes, e.g. sync cloud storage 266, synch cloud docs 267, andsynch web work 268, that perform work on behalf of a particular studentuser. The synchronization manifest can contain one or more references todata to be backed up or synchronized to one or more backup servers 120,cloud services 130, or web services 140 on behalf of the particularuser. The work can be performed by the applicable daemon generating aprocess, e.g. 266-268, on behalf of the user specified in thesynchronization manifest. Daemons 261-263 and processes 266-268 can eachregister with UMD 240 to receive a “Switch User Requested” notification.A switch user request can be generated by UMD 240 in response to UMD 240receiving a “User Logout Request”. A User Logout Request can begenerated in response to a user initiating a log out process, by a userpressing a power on reset button, or by kernel 215 initiating a systemshutdown, such as due to the system running out of resources. A SwitchUser request can also be generated in response to a class-wide userlogout command issued by at a teacher workstation 110, e.g., at the endof a class session.

In an embodiment, when a synchronization process 266-268 completes anitem in the synchronization manifest, and the item is deleted from thesynchronization manifest, the applicable daemon, e.g. cloud daemon 261,can tear down the associated synch cloud storage process 266. Tearingdown a process can include finishing any pending storage operations,storing process state as may be needed, and other activities to performan orderly termination of a process. The daemon, e.g. 261, can thennotify UMD 240 that the daemon 261 is terminating itself, then daemon261 can proceed to terminate itself. If all work in the synchronizationprocess has not completed at the time that a switch user request hasbeen received, then the remaining daemons 261-263, for which there iswork in the manifest, can cause their respective associated processes266-268 to check-point their respective synchronization processes andstore the checkpoint information in the manifest for processing on thenext reboot to a student user.

FIGS. 3A through 3F illustrates a method of logging in and logging outof users of a client system in an educational computing environment,according to some embodiments. In FIGS. 3A through 3F, an embodiment oflog in and log out screens is shown. Log in interface 254 can support awide variety of log in interfaces, such as a conventional username andpasscode prompt, a class roster selection, an alphabetic selection listof students, or other log in interface.

FIG. 3A illustrates an interface that can be presented by logininterface 254 when the client device 100 is booted up as a system user.Booting as the system user can be detected by user session manager 250as a trigger to display a login screen. Logging in as a particularstudent, distinct from the system user, can be detected by user sessionmanager 250 as a trigger to display a user interface appropriate for theparticular student, such as the student's home screen. In FIG. 3A,client device 100 has been provisioned to use a classroom selectionscheme to log in to client device 100. Login Interface 254 presents alist of class sessions for room 5, including English 1A, English 1A-AP,English 2A, and English 2A-AP. A student can select a particular class305 by clicking a pointer 310 on the particular class 305.

In FIG. 3B, login interface 254 can display a list of students 315 thatare enrolled for English 1A. User session manager 250 can requeststudent identification information, such as a name and picture, fromuser manager daemon 240 and present the list of students 315 that areenrolled for English 1A as a matrix of icon pictures of each student,along with the name of each student in a picture. The student user 320,“Puja G.” can select herself for logging in by clicking on her ownpicture 320. Login interface 254 can display a class session informationfor English 1A above the matrix of students enrolled in the class.

In FIG. 3C, Login interface 254 can display Puja G.'s picture and promptfor Puja G. to put in her passcode 325.

In FIG. 3D, Login interface 254 can generate a status message 330, suchas “Logging in . . . please wait.” Login interface 254 can authenticatePuja G. against the entered passcode. Login interface 254 can thengenerate a unique identifier that acts as a cryptographic key andstorage that key in system storage 202 for later use. Kernel 215 canensure that the saved “frozen” screen is continuously displayed whilethe client device 100 prepares itself to boot as Puja G. “Freezing” thescreen can comprise writing a screen image to a display buffer forcontinuous display during the reboot process. The screen can includedisplaying an animation, progress indicator, or other dynamic displayitem(s) during the reboot process. In an embodiment, the kernel andgraphics subsystem can display an animation that is persisted on thescreen while the client device 100 prepares itself to boot as Puja G.

Client device 100 then tears down user-space processes that weregenerated for Login interface 254 while the user was System user. Thekernel 215 continues running. Only user-space processes are torn down.After client device 100 logs itself out of System user, and reboots,launch daemon 230 can relaunch user manager daemon 240, and user sessionmanager 250. User manager daemon 240 can retrieve Puja G.'s keyinformation from system storage 202, e.g. user information 335. Usermanager daemon 240 can retrieve a list of applications 340 available toPuja G., retrieve any state information about Puja G. and her previoussession(s) from user information data storage 201. User manager daemon240 can pass this information to user session manager 250.

In FIG. 3E, user session manager 250 can cause Puja G.'s. information tobe displayed 335 on client device 100. Puja G. can select one or moreapplications 340 to perform her work. The applications may generate datathat needs to be saved or synchronized to backup servers 120, cloudservices 130, or web services 140. The student user interface 253 caninclude a logout button 345. A user can select the logout button with aclick of a user interface 345, or an embodiment thereof, therebygenerating a “switch request” to user manager daemon 240. The switchrequest triggers actions that will tear down the user-space of Puja G.,and subsequent reboot as the System user.

In FIG. 3F, the switch request starts a series of clean up processes.Application data that was generated by one or more applications 340needs to be saved to backup server 120, synchronized to cloud storage130, or web service 140. User session manager 250 can marshal the datato be saved from the respective applications, and begin a saving orsynchronizing process for the data. A status message 350 can bedisplayed by user session manager 250 regarding the log out progress.Applications that do not generate data to be synchronized can beterminated. After a predetermined period of time, e.g. 1 to 3 minutes,if the data to be saved or synchronized has not completed saving orsynchronizing, user session manager 250 can generate an entry in asynchronization manifest for each incomplete saving or synchronizingoperation. The manifest can include access keys necessary to access thebackup server 120, cloud storage 130, or web service 140 after a rebootto a subsequent user.

FIGS. 4A through 4C illustrate a method 400 of logging in and loggingout of users of a client system 100 in an educational environment,according to some embodiments.

In operation 405, a user can power on the client device 100.

In operation 410, the kernel 215 can be booted, along with otheroperating system level processes.

In operation 500, the client device 100 boots its user-space processes220. Specifically, the user-space processes 220 boot up to a logininterface 254 as the System user (as distinguished from a student user).The system user can comprise the “root” user of an operating system, orother user that an operating system can define to run system-definedprocess(es) that are not specific to a student, a teacher, or otherlogged in user. The operations that boot the user-space to a logininterface 254 are described in detail with reference to FIG. 5, below.

In operation 415, login interface 254 can receive student usercredentials for logging in to the client device 100 as a first user,“User 1.” An embodiment of a login interface 254 receiving logincredentials is illustrated in FIGS. 3B and 3C. Student user logincredentials can be authenticated locally on client device 100 orremotely at backup server 120, cloud service(s) 130, or web service(s)140. In an embodiment, authentication of student user login credentialscan authorize access to one or more of backup server 120, cloudservice(s) 130, or web service(s) 140, causing one or more access keysto be generated that permit the student user to access one or more of:local encrypted user storage 203, backup server 120 services, cloudservices 130. In an embodiment, a student user keybag can be stored insystem storage 202 and can be persisted across user-space reboots anddifferent student users of the same client device 100. A keybag datastructure is described above with reference to FIG. 2, System Storage202.

In operation 420, login interface 254 can display a message such as“Logging in Student User 1 . . . ”.

In operation 425, the display message can be persisted by storing thedisplay screen containing the message in system storage 202. The displaymessage can be displayed from the time that the user is authenticated,during which the active user is the System User, through authenticationof the student user in operation 415, and up through the time that theuser-space 220 has been rebooted for the student user and the studentuser home page is displayed.

In operation 600, the user-space processes 220 can be torn down inpreparation for a reboot of the client device 100. Tearing downprocesses can include activities such as completing the closing of openfile(s), flushing buffers, completing pending synchronization processes,in preparation for an orderly termination of a process. After reboot ofthe client device, the active user will be the student user that loggedin using the login interface 254 in operation 415, above. Details ofoperation 600 are described below with reference to FIG. 6.

In operation 500, client device 100 can reboot user-space 220 with thestudent user as the active user. Rebooting the user-space 220 of theclient device 100 with the student user as the active user is describedbelow with reference to FIG. 5. At the end of the reboot of user-space220 with the student user as the active user, a home page for thestudent user can be displayed. In an embodiment, the home page can bespecific to a particular student user.

In operation 430, the student user can begin performing student userwork as a first user, “User 1.” Performing user work can includeinteracting with the student user home page, launching one or moreapplications 251 and 252, or logging out by, e.g., clicking on a logoutbutton 345 of the home page.

Method 400 continues at operation 435, described below with reference toFIG. 4B.

On FIG. 4B, in operation 435, student user User 1 can generate a logoutrequest. In an embodiment, the logout request can be generated by, e.g.,User 1 clicking on a logout button 345 of the home page.

In operation 700, in response to receiving the logout request, clientdevice 100 can begin backing up or synchronizing data to backup server120, cloud service 130, or web service 140. In an embodiment, the logoutprocess can generate a synchronization manifest of User 1 data to bebacked or synchronized with backup server 120, cloud services 130, orweb services 140. In an embodiment, the synchronization manifest can bebuilt and stored in system storage 202 in response to a predeterminedperiod for backing up or synchronizing data timing-out. Operation 700 isdescribed in detail, below, with reference to FIG. 7.

In operation 445, user session manager 250 can generate and update alogout interface 350 that informs the user about progress of the logoutprocess that was initiated in response to receiving the User 1 logoutrequest in operation 435. An example of a logout interface is describedabove with reference to FIG. 3F. A logout interface can includedisplaying a message such as, “Logging out . . . waiting on,” followedby a list of application data that is being synchronized or backed up.

In operation 450, User 1 user-space processes can be torn down inpreparation for a reboot of the user-space 220 as the system user. Thekernel 215 continues running during the user-space 220 reboot.

In operation 500, client device 100 reboots user-space 220 as the systemuser. The reboot culminates in display of the login interface 254, asthe system user. Operation 500 is described in detail, below, withreference to FIG. 5.

In operation 455, login interface 254 can receive student usercredentials for logging in to the client device 100 as a second user,“User 2.” An embodiment of a login interface 254 receiving logincredentials is illustrated in FIGS. 3B and 3C. Student user logincredentials can be authenticated locally on client device 100 orremotely at backup server 120, cloud service(s) 130, or web service(s)140. In an embodiment, authentication of student user login credentialscan authorize access to one or more of backup server 120, cloudservice(s) 130, or web service(s) 140, causing one or more access keysto be generated that permit the student user to access one or more of:local encrypted user storage 203, backup server 120 services, cloudservices 130. In an embodiment, a student user keybag can be stored insystem storage 202 and can be persisted across user-space reboots anddifferent student users of the same client device 100. A keybag datastructure is described above with reference to FIG. 2, System Storage202.

Method 400 continues at operation 460, described below with reference toFIG. 4C.

On FIG. 4C, in operation 460, login interface 254 can display a messagesuch as “Logging in Student User 2 . . . ”.

In operation 465, the display message can be persisted by storing thedisplay screen containing the message in system storage 202. The displaymessage can be displayed from the time that the user is authenticated,during which the active user is the system user, through authenticationof the student user “User 2” in operation 455, and up through the timethat the user-space 220 has been rebooted for the student user “User 2”and the student user home page is displayed.

In operation 600, the user-space processes 220 can be torn down inpreparation for a reboot of the client device 100 as student user “User2.” The kernel process 215 continues running. After reboot of the clientdevice 100, the active user will be the student user “User 2” thatlogged in using the login interface 254 in operation 460, above. Detailsof operation 600 are described below with reference to FIG. 6.

In operation 500, client device 100 can reboot user-space 220 with thestudent user “User 2” as the active user. Rebooting the user-space 220of the client device 100 with the student user as the active user isdescribed below with reference to FIG. 5. At the end of the reboot ofuser-space 220 with the student user “User 2” as the active user, a homescreen or other initial user interface for the student user can bedisplayed. In an embodiment, the home page can be specific to aparticular student user, e.g. “User 2.”

In operation 800, system storage 202 can be checked to determine whethera synchronization manifest was generated for student user “User 1”during User 1's classroom session. If so, then processes can begenerated in user-space 220 to process User 1's synchronization manifestwhile User 2 uses the client device 100. In an embodiment, User 2processing is performed in the foreground, while User 1 synchronizationprocesses are performed in the background. Processing of thesynchronization manifest is described in detail, below, with referenceto FIG. 8.

In operation 470, the student user can begin performing student userwork as a second student user, “User 2.” Performing user work caninclude interacting with the student user home page, launching one ormore applications 251 and 252, or logging out by, e.g., clicking on alogout button 345 of the user interface.

FIG. 5 illustrates a method 500 of booting, or rebooting, user-space 220of a client device 100 during logging in and logging out of a clientsystem in an educational computing environment, according to someembodiments. During booting or rebooting of user-space 220, kernel 215continues to run.

In operation 505, kernel 215 can start a launch daemon 230. Launchdaemon 230 is an early boot task that enables launching and managementof processes that run in user-space 220.

In operation 510, launch daemon 230 can start a user manager daemon 240(“UMD”). UMD 240 is also an early boot task. UMD 240 can manageprocesses in user-space 220 with respect to switching users. Operationof UMD 240 is described in detail, below, with respect to FIGS. 9A and9B.

In operation 515, launch daemon 230 can start a user session manager 250(“USM”). USM 250 can provide a user interface for student users, e.g.User 1 and User 2, such as a home page for launching applications andlogging out. USM 250 can receive user requests to launch an application251 and 252 and can then cause applications 251 or 252 to be launched.In an embodiment, USM 250 can call launch daemon 230 to cause the launchof applications 251 or 252.

In operation 520, USM 250 can register itself with UMD 240 to receive anotification from UMD 240 that a Switch User Request has been generated.A Switch User Request can be generated by a student user logging out ofclient device 100, e.g., by clicking on a logout button 345. A SwitchUser request can also be generated in response to a class-wide userlogout command issued by at a teacher workstation 110, e.g., at the endof a class session. A Switch User request can be generated by logininterface 254 in response to login interface 254 receiving andauthenticating login credentials from a student user. A Switch Userrequest can be generated by the kernel, e.g., when system resources havebecome critically low. A Switch User request can also be generated by ahardware event, such as a power on reset button being pressed.

In operation 525, USM 250 requests identification information from UMD240 about the current user. The current user can be either the systemuser, e.g. during a user-space 220 boot/reboot to a login screen, or alogged in student user, e.g. User 1 or User 2.

In operation 530, it can be determined whether the current user is thesystem user or a student user.

In response to determining, in operation 530, that the current user is astudent user, the user-space 220 boot process performs operations inblock 535 for booting to the student user's home page as the studentuser. Block 535 includes operations 540, 545, and 540.

In operation 535, USM 250 can instantiate and display the student user'shome page user interface.

In operation 545, USM 250 can register the user's home page interfacewith UMD 240 so that home page interface can receive a notification fromUMD 240 when a Switch User Request has been generated.

In operation 550, USM 250 the student user home page interface can waitfor the student user to request work, such as launching an application251 or 252, or logging out 345.

In response to determining, in operation 530, that the current user isthe system user, the user-space 220 boot process performs operations inblock 555 for booting to a login interface 254 as the system user,beginning at operation 560. Block 555 includes operations 560, 565, and570.

In operation 560, USM 250 can instantiate and display a login interface254.

In operation 565, USM 240 can register the login interface 254 with UMD240 so that login interface 254 can receive a notification from UMD 240when a Switch User request is generated.

In operation 570, login interface 254 can wait to receive logincredentials from a student user, e.g. User 1 or User 2.

FIG. 6 illustrates a method 600 of tearing down user-space 220 from alogin screen, when the current user is the system user, in response toreceiving login credentials for a student user.

In operation 605, login interface 254 can pass to UMD 240 authenticatedcredentials of a student user, including a student user uniqueidentifier (UID), and one or more access keys generated at least in partfrom the student user login credentials.

In operation 610, UMD 240 can persist the UID and access keys in a“keybag” in system storage 202, as described above with reference toFIG. 2. UMD 240 can also persist the UID and one or more access keys insystem storage 202 to indicate that the student user having this UID isthe “next” or “reboot” user that will become the current user afterreboot of user-space 220.

In operation 615, login interface 254 can request user information, suchas the student user UID, name, picture, etc., from UMD 240. UMD 240 canobtain this information from user information library 201 and return theinformation to login interface 254.

In operation 620, Login interface 254 can display a login message, suchas “Logging in as User 1” on the display. Login interface 254 canpersist the login message on the display and write the display screen tosystem storage 202. During reboot of user-space 220, the login messagecan be “frozen” or persisted on the display screen while user-space 220processes are being torn down, and a reboot of user-space processes isperformed. From the perspective of the student user, the reboot ofuser-space from the system user to the student user merely appears as asingle process.

In operation 625, login interface 254 can generate a Switch User Requestto UMD 240. UMD 240 can send a notification that a Switch User Requesthas been received, to each user-space process that registered with UMD240 to receive such notifications. A timer can be set for user-spaceprocesses to have time to prepare to switch users.

In operation 630, UMD 240 can send a “Will Switch Users” notification toregistered user-space processes 220 as a final notification that teardown of user-space processes 220 is about to begin. In an embodiment,UMD 240 can wait a predetermined additional amount of time after sendingthe Will Switch Users notification so that registered user-spaceprocesses 220 can make any final preparations for reboot.

In operation 635, it can be determined whether UMD 240 has received aReady To Switch Users notification from all registered user-spaceprocesses.

If, in operation 635, it is determined at least one registereduser-space process has not responded to UMD 240 with a Ready To SwitchUsers notification, then in operation 640 it can be determined whetherthe timer for preparation for switching users has expired. If, inoperation 640, the timer has not expired, then method 600 returns tooperation 630, otherwise method 600 continues at operation 635.

If, in operation 635, it is determined that all registered user-spaceprocesses have responded to UMD 240 with a Ready To Switch Usersnotification, then method 600 continues at operation 645.

In operation 645 tear down of user-space processes 220 is performed inpreparation for reboot as a student user, e.g. User 1 or User 2. Kernel215 continues running.

FIG. 7 illustrates a method 700 of generating a manifest of user dataitems for synchronization after a reboot of user-space processes 220 ofa client system in an educational computing environment, according tosome embodiments.

In operation 705, USM 250 can select a first user-space process or task220 that USM 250 caused to be launched during a student user classroomsession.

In operation 710, it can be determined whether the user-space process ortask 220 has data that needs to be backed up or synchronized to backupserver 120, cloud services 130, or web services 140 (individually orcollectively, “synchronized”).

If, in operation 710, it is determined that the user-space process ortask 220 does have data that needs to be synchronized, then in operation715 a synchronization task for the current student user and user-spaceprocess or task 220 can be generated and stored in a synchronizationmanifest for the current student user. The method 700 continues atoperation 720.

In operation 720, the user-space process or task 220 can be terminated.

In operation 725, USM 250 can optionally notify UMD 240 that user-spaceprocess or task 220 is Ready To Switch Users.

In operation 730, it can be determined whether there are more user-spaceprocesses or tasks managed by USM 250.

If, in operation 730, it is determined that there are more user-spaceprocesses or tasks 220 that are managed by USM 250, then in operation745 a next user-space process or task 220 managed by USM 250 can beselected. The method returns to operation 710.

If, in operation 730, it is determined that there are not moreuser-space processes or tasks 220 managed by USM 250, then in operation735 USM 250 can notify UMD 240 that USM 250 is Ready To Switch Users.

In operation 735, USM 250 can be terminated.

FIG. 8 illustrates a method 800 of processing a synchronization manifestof user data items for synchronization after a reboot of user-spaceprocesses 220 of a client device 100 in an educational computingenvironment, according to some embodiments. Method 800 will be describedwith respect to a single synchronization manifest. In an embodiment,there may be more than one synchronization manifest in system storage202, each synchronization manifest representing one or moresynchronization tasks to be performed on behalf of a different studentuser.

In operation 805, it can be determined whether system storage 202contains a synchronization manifest to be processed. In an embodiment,UMD 240 can make the determination whether a synchronization manifest isstored on system storage 202.

If, in operation 805, it is determined that system storage 202 does notcontain a synchronization manifest, then method 800 ends. Otherwise,method 800 continues at operation 810.

In operation 810, a synchronization manifest, e.g. for student user“User 1,” can be retrieved from system storage 202. A firstsynchronization task can be retrieved from the synchronization manifest.In an embodiment, UMD 240 can open and read the synchronization taskswithin the synchronization manifest.

In operation 815, one or more access keys for the first synchronizationtask can be retrieved. In an embodiment, retrieving the one or moreaccess keys can comprise reading the keys from a keybag data structurestored within the synchronization manifest. In an embodiment, retrievingthe one or more access keys can comprise dereferencing a pointer orhandle, or storage location, where the one or more access keys can beobtained. In an embodiment, UMD 240 can retrieve the one or more accesskeys.

In operation 820, a first daemon 261-263 that can instantiate one ormore processes to perform the first synchronization task can beinstantiated. In an embodiment, first daemon 261-263 can register withUMD 240 to receive a notification when a Switch User Request isgenerated. In an embodiment, UMD 240 can call launch daemon 230 toinstantiate the first daemon 261-263. In an embodiment, the first daemoncan be instantiated as a background task 260 in user-space processes220. In an embodiment, first daemon 261-263 may already be instantiated,performing work for a current student user, e.g. User 2, distinct fromUser 1. In such case, launch daemon 230 can return to UMD 240 an accesspath to first daemon 261-263, rather than instantiating a second copy offirst daemon 261-263.

In operation 825, first daemon 261-263 can spawn, or cause the launchingof, a first synchronization process 266-268 that will perform thesynchronization work associated with the first synchronization task inthe synchronization manifest. In an embodiment, first synchronizationprocess 266-268 can register with UMD 240 to receive a notification whena Switch User Request is generated. In an embodiment, firstsynchronization process 266-268 can be instantiated as a background task260 in user-space processes 220. In an embodiment, first synchronizationprocess 266-268 can call one or more portions of an applications 251 or252 that generated the data to be synchronized in the firstsynchronization task. The call can be via an application programminginterface (“API”).

In operation 830 the synchronization task can be executed, using thefirst synchronization process and/or first synchronization daemon, andthe one or more retrieved access keys.

In operation 835, when the first synchronization task is completed, thefirst synchronization task can be deleted from the synchronizationmanifest. In an embodiment, the first synchronization process 266-268can be terminated and UMD 240 can be notified of the termination offirst synchronization process 266-268. In an embodiment, if the currentstudent user “User 2” is using first synchronization daemon 261-263,then first synchronization daemon 261-263 can remain running, otherwisefirst synchronization daemon 261-263 can be terminated.

In operation 840, it can be determined whether a user logout has beenrequested by the current student user, e.g. “User 2” and a Switch UserRequest has been generated.

If, in operation 840, it is determined that a Switch User Request hasbeen generated, then in operation 845, the processing of thesynchronization manifest can be check-pointed in the manifest.

In operation 845, the synchronization manifest can be stored in systemstorage 202.

In operation 850, any running synchronization tasks that are servicingonly the synchronization manifest can be terminated and UMD 240 can benotified of the termination. Any running synchronization daemons thatare servicing only the synchronization manifest can also be terminatedand UMD 240 can be notified of the termination.

In operation 855, the first daemon and first synchronization process canbe torn down.

If, in operation 840, it is determined that a logout was not requested,and therefore no Switch User Request was generated, then in operation860 it can be determined whether there are any more synchronizationtasks remaining in the synchronization manifest.

If, in operation 860, it is determined that there are no moresynchronization tasks remaining in the synchronization manifest, then inoperation 865, the synchronization manifest can be deleted from systemstorage 202 and the first daemon and first synchronization process canbe torn down as in operation 855.

If, in operation 860, it is determined that there are moresynchronization tasks remaining in the synchronization manifest, then inoperation 870 a next synchronization task can be retrieved from thesynchronization manifest and method 800 continues at operation 815.

FIGS. 9A and 9B illustrate a method of operation 900 of a user managerdaemon (UMD) 240 according to some embodiments. UMD 240 is an early boottask that can manage switching of users in a client device 100 thatsupports a serial single-user operation by multiple users. UMD 240manages orderly shutdown of user-space processes 220 when UMD 240receives a request to logout the current user. Method 900 is describedwith reference to only a single user-space process, App. 1. However, UMD240 can manage an orderly reboot of a plurality of processes in the samemanner as described for App. 1.

An application that generates data to be synchronized can beginsynchronizing the data in response to receiving a “Switch UserRequested” notification from UMD 240. UMD 240 can wait for apredetermined period of time for App. 1 to perform the synchronization.After the predetermined period of time expires, UMD 240 can send App. 1a notification “Will Switch Users,” indicating that App. 1 needs to getready to be terminated in a second predetermined amount of time. App. 1can generate a synchronization task for a synchronization manifest inresponse to receiving the “Will Switch Users” notification. App. 1 canthen inform UMD 240 that App. 1 is Ready to Switch Users, then App. 1can terminate itself, or be terminated.

On FIG. 9A, in operation 905, launch daemon 230 can launch UMD 240.

In operation 910, user session manager (USM) 250 can be launched. USM250 can register with UMD 240 to receive a “Switch User Requested”notification in response to UMD 240 receiving a user logout request. USM250 can also assert to UMD 240 that it should not switch users until UMD240 receives a “Ready to Switch Users” notification from USM 250. UMD240 can override USM 250's request after a predetermined period of timeexpires.

In operation 915, a first application 251 or 252 (“App. 1”) can belaunched. App. 1 can register with UMD 240 to receive a “Switch UserRequested” notification in response to UMD 240 receiving a user logoutrequest. App. 1 can also assert to UMD 240 that it should not switchusers until UMD 240 receives a “Ready to Switch Users” notification fromApp. 1. UMD 240 can override the request not to switch after apredetermined period of time expires.

In operation 920, UMD 240 can receive a user logout request. A userlogout request can be received from, e.g. a user clicking on a “logout”button 345 on a user interface displayed by USM 250.

In operation 925, UMD can send a “User Switch Requested” notification toregistered processes, e.g. App. 1 and USM 250, in response to UMD 240receiving a user logout request in operation 920.

Method 900 continues at operation 930, described below with reference toFIG. 9B.

On FIG. 9B, in operation 930, App. 1 can determine whether App. 1generates data that needs to be synchronized with a backup server 120, acloud service 130, or a web service 140 (“synchronizing”). Anapplication that does not generate data to be synchronized, such as amedia player, can be terminated without performing any synchronizationoperations.

If, in operation 930, it is determined that App. 1 does not generatedata that needs to be synchronized, then the method 900 resumes atoperation 955. Otherwise the method 900 continues at 935.

In operation 935, App. 1 can marshal data to be synchronized.

In operation 940, App. 1 can begin synchronizing the data.

In operation 945, it can be determined whether App. 1 received a “WillSwitch Users” notification from UMD 240, indicating that App. 1 needs togenerate a synchronization task for a synchronization manifest.

If, in operation 945, it is determined that App. 1 has not received a“Will Switch Users” notification from UMD 240, then App. 1 can continuesynchronizing data in operation 940. Otherwise, in operation 950, App. 1can generate a synchronization task for a synchronization manifest forthis student user.

In operation 955, App. 1 can send a “Ready To Switch Users” notificationto UMD 240. The notification indicates to UMD 240 that App. 1 is readyto terminate.

In operation 960, App. 1 can terminate, or be terminated.

In operation 965, UMD 240 can notify kernel 215 that user-spaceprocesses 220 can be torn down, and a reboot of user-space 220 can beperformed.

FIG. 10 illustrates in block diagram form, a data synchronization systemhaving a plurality of clients in an educational computing environment,according to some embodiments.

The synchronization system 1000 can include a metadata server 1010 andone or more contents servers 1030. In one embodiment, a contents server1030 can store one or more types of user data sets. For example, a wordprocessing documents contents server 1030, a video documents contentsserver, a Keynote presentation server, and the like. A contents servercan also be configured on a per classroom, per subject matter, perinstructor, per student, or other basis that organizes data in a logicalmanner. In an embodiment, a content server 1030 can be a cloud storageservice capable of storing a wide variety of different user data settypes. In one embodiment, the synchronization system 1000 can furtherinclude a synchronization management system 1020. Initially, a clientdevice 100 can store one or more user data sets from the file system ofthe client device 100 on the synchronization system 1000. A user dataset, such as a file of word processing documents of a student usingclient 100, can be stored on the synchronization system 1000. In oneembodiment, the user data set can be chunked into chunked data portionsand stored on the one or more contents servers 1030. Metadata describingthe user data set and metadata about the chunked portions of the userdata set can be stored on the metadata server 1010 in a synchronizationmetadata database. In one embodiment, the metadata server 1010 andcontents server 1030 can be managed using a synchronization managementsystem 1020. Managing the metadata server 1010 can include providingsoftware to the metadata server 1010 to resolve conflicts betweenvarious versions of data sets of a user, including conflicts resultingfrom different versions of a software that generated a data set. Forexample, if one client device of a user, e.g. 101, has word processorsoftware that is version 2.0, and the user generates a word processingdocument using that client device and software, and the document islater downloaded using the synchronization system 1000 to a differentclient device of the user, e.g. 102, having version 1.0 of the wordprocessor software, the version 1.0 software may not be able to openand/or edit the document that was generated by software version 2.0.Synchronization system manager 1020 can provide software updates andpatches to the metadata server 1010 to adapt the document for use withboth version 1.0 and version 2.0 of the word processing software.

The synchronization system 1000 can be interfaced to the clientdevice(s) 100 via a network 150. The network 150 can be the Internet, awireless network, a cellular network, a local area network, or anycombination of these. Although the synchronization system manager 1020,metadata server 1010, and contents server 1030 have been shown asseparate elements, connected via a network 150, this need not be thecase. One or more of the synchronization system manager system 1020,metadata server 1010, or contents server 1030 can be implemented on thesame host computer system or on several physically distributed computersystems. In addition, as described above, contents server 1030 caninclude one or more content servers 1030, any or all of which can storeone or more types of user data sets. Communication between one or moreof the synchronization system manager 1020, metadata server 1010, andcontents server(s) 1030 can be by sockets, messages, shared memory, anapplication program interface (API), inter-process communication, orother processing communication service. Application programminginterfaces (“APIs”) are described in detail, below, with reference toFIG. 11.

A client device 100 can include a desktop computer system, a laptopcomputer system such as client device 101, a tablet computer system suchas client device 102, a cellular telephone such as client device 103, apersonal digital assistant (PDA) including cellular-enabled PDAs, a settop box, an entertainment system, a gaming device, or other consumerelectronic device. The components of a client device 100 are describedin detail, below, with reference to FIG. 12.

A user data set can include one or more of: a data file, a folder ordirectory, a word processing document, a spreadsheet, a presentation,emails, texts, user contacts, bookmarks, assets such as music, movies,and other purchased content, device settings, and application settings.Each of these can be a user data set. A user of a client device 100 candetermine, on a per-device basis, whether a particular data set will, orwill not, be synchronized with other of the user's client devices 100using the synchronization system 1000.

Metadata about user data sets can include file system metadata andsynchronization metadata. File system metadata can include a file ID,such as a POSIX file ID, a document ID, a creation date of the file, adate that the file was last modified, an identifier of the device thatlast modified the file, an identifier of the application and version ofthe application that modified the file, and a generation count for thefile. For assets, such as purchased content that are already storedremotely at a service such as iTunes® or Amazon Cloud®, metadata aboutthe content can include a Universal Resource Locator (URL) that pointsto where the content is located. File system metadata can be generatedby the file system of each client device 100. Synchronization metadatacan include a universally unique identifier (UUID) for a file or adirectory that is unique across the client devices 100 of a user, andcan further include ETAGS. ETAGS can specify a specific version of themetadata for a document or a directory. ETAGS can be generated by thesynchronization system 1000 to manage the user data sets and resolveconflicts between differing generations of user data for a particularuser data set. For example, an ETAG can be used to distinguish differentgenerations of a word processing document of the resume of the user.

In FIG. 11 (“Software Stack”), an exemplary embodiment, applications canmake calls to Services 1 or 2 using several Service APIs and toOperating System (OS) using several OS APIs. Services 1 and 2 can makecalls to OS using several OS APIs.

Note that the Service 2 has two APIs, one of which (Service 2 API 1)receives calls from and returns values to Application 1 and the other(Service 2 API 2) receives calls from and returns values to Application2, Service 1 (which can be, for example, a software library) makes callsto and receives returned values from OS API 1, and Service 2 (which canbe, for example, a software library) makes calls to and receivesreturned values from both as API 1 and OS API 2, Application 2 makescalls to and receives returned values from as API 2.

FIG. 12 is a block diagram of one embodiment of a computing system 1200.The computing system illustrated in FIG. 12 is intended to represent arange of computing systems (either wired or wireless) including, forexample, desktop computer systems, laptop computer systems, tabletcomputer systems, cellular telephones, personal digital assistants(PDAs) including cellular-enabled PDAs, set top boxes, entertainmentsystems or other consumer electronic devices. Alternative computingsystems may include more, fewer and/or different components. Thecomputing system of FIG. 12 may be used to provide the computing deviceand/or the server device.

Computing system 1200 includes bus 1205 or other communication device tocommunicate information, and processor 1210 coupled to bus 1205 that mayprocess information.

While computing system 1200 is illustrated with a single processor,computing system 1200 may include multiple processors and/orco-processors 1210. Computing system 1200 further may include randomaccess memory (RAM) or other dynamic storage device 1220 (referred to asmain memory), coupled to bus 1205 and may store information andinstructions that may be executed by processor(s) 1210. Main memory 1220may also be used to store temporary variables or other intermediateinformation during execution of instructions by processor 1210.

Computing system 1200 may also include read only memory (ROM) and/orother static storage device 1240 coupled to bus 1205 that may storestatic information and instructions for processor(s) 1210. Data storagedevice 1240 may be coupled to bus 1205 to store information andinstructions. Data storage device 1240 such as flash memory or amagnetic disk or optical disc and corresponding drive may be coupled tocomputing system 1200.

Computing system 1200 may also be coupled via bus 1205 to display device1250, such as a cathode ray tube (CRT) or liquid crystal display (LCD),to display information to a user. Computing system 1200 can also includean alphanumeric input device 1260, including alphanumeric and otherkeys, which may be coupled to bus 1205 to communicate information andcommand selections to processor(s) 1210. Another type of user inputdevice is cursor control 1270, such as a touchpad, a mouse, a trackball,or cursor direction keys to communicate direction information andcommand selections to processor(s) 1210 and to control cursor movementon display 1250. Computing system 1200 may also receive user input froma remote device that is communicatively coupled to computing system 1200via one or more network interfaces 1280.

Computing system 1200 further may include one or more networkinterface(s) 1280 to provide access to a network, such as a local areanetwork. Network interface(s) 1280 may include, for example, a wirelessnetwork interface having antenna 1285, which may represent one or moreantenna(e). Computing system 1200 can include multiple wireless networkinterfaces such as a combination of WiFi, Bluetooth® and cellulartelephony interfaces. Network interface(s) 1280 may also include, forexample, a wired network interface to communicate with remote devicesvia network cable 1287, which may be, for example, an Ethernet cable, acoaxial cable, a fiber optic cable, a serial cable, or a parallel cable.

In one embodiment, network interface(s) 1280 may provide access to alocal area network, for example, by conforming to IEEE 802.11 b and/orIEEE 802.11 g standards, and/or the wireless network interface mayprovide access to a personal area network, for example, by conforming toBluetooth standards. Other wireless network interfaces and/or protocolscan also be supported. In addition to, or instead of, communication viawireless LAN standards, network interface(s) 1280 may provide wirelesscommunications using, for example, Time Division, Multiple Access (TDMA)protocols, Global System for Mobile Communications (GSM) protocols, CodeDivision, Multiple Access (CDMA) protocols, and/or any other type ofwireless communications protocol.

In the foregoing specification, the invention has been described withreference to specific embodiments thereof. It will, however, be evidentthat various modifications and changes can be made thereto withoutdeparting from the broader spirit and scope of the invention. Thespecification and drawings are, accordingly, to be regarded in anillustrative rather than a restrictive sense.

What is claimed is:
 1. A computer-implemented method, comprising:booting a client device as a first user, in response to receiving logininformation of the first user, wherein the client device is configuredto be used serially by multiple users, with a single user logged in at atime; displaying a user-specific user interface of the first user;executing a user-space computing process that generates data to bestored, thereby generating first user data, in response to receiving oneor more inputs to the user-specific user interface of the first user;receiving a request to logout the first user from the client device; inresponse to receiving the request to logout the first user from theclient device: generating, and persisting in a system storage, amanifest for the first user that includes a task to store the first userdata to a remote storage, wherein the first user data is accessible bythe first user at a subsequent login of the first user into the clientdevice; and performing the task in the manifest to store the first userdata to the remote storage; rebooting the user-space processes of theclient device as a second user, in response to receiving logininformation of the second user; displaying a user-specific userinterface of the second user; executing a user-space computing processof the second user, in response to receiving one or more inputs to theuser-specific user interface of the second user; in response toreceiving login information of the second user and determining that thetask in the manifest has not completed, continuing performing the taskin the manifest that stores the first user data to the remote storage.2. The method of claim 1, wherein the client device comprises a tabletcomputing device, and the user-specific user interface of the first usercomprises a home page of the first user.
 3. The method of claim 1,wherein the manifest includes one or more access keys of the first userto a storage service where the first user data is to be stored.
 4. Themethod of claim 3, wherein the one or more access keys are generatedfrom at least a portion of the login information of the first user. 5.The method of claim 1, further comprising: deleting, from the manifestof the first user, the task to store the first user data, in response todetermining that the task to store the first user data has beencompleted; and deleting the manifest from the system storage, inresponse to determining that there are no more tasks in the manifest forthe first user.
 6. The method claim 1, further comprising: receiving arequest to logout the second user; storing, in the manifest of the firstuser, status information indicating a completion status of the task tostore the first user data, in response to determining that the task tostore the first user data was not completed; generating, and persistingin a system storage, a manifest for the second user that includes a taskto store the second user data; rebooting the user-space processes of theclient device as a third user, in response to receiving logininformation of the third user; executing a user-space computing processof the third user; completing the task in the manifest of the first userthat stores the first user data; performing the task in the manifest ofthe second user that stores the second user data.
 7. The method of claim1, wherein performing the task in the manifest of the first user furthercomprises: storing the first user data to a storage on the clientdevice, and the first user data stored on the client device isaccessible to the first user at a subsequent login of the first user tothe client device.
 8. The method of claim 1, wherein the request tologout the first user is a classroom-wide user logout command initiatedby a teacher workstation.
 9. The method of claim 1, wherein the storingthe first user data to a remote storage comprises synchronizing thefirst user data to the client device storage and a cloud storage. 10.The method of claim 7, wherein the data is encrypted when stored on thestorage of the client device, wherein the encryption is based at leastin part on a user credential of the first user.
 11. A non-transitorycomputer readable medium programmed with instructions that, whenexecuted by a processing system, perform operations, comprising: bootinga client device as a first user, in response to receiving logininformation of the first user, wherein the client device is configuredto be used serially by multiple users, with a single user logged in at atime; displaying a user-specific user interface of the first user;executing a user-space computing process that generates data to bestored, thereby generating first user data, in response to receiving oneor more inputs to the user-specific user interface of the first user;receiving a request to logout the first user from the client device; inresponse to receiving the request to logout the first user from theclient device: generating, and persisting in a system storage, amanifest for the first user that includes a task to store the first userdata to a remote storage, wherein the first user data is accessible bythe first user at a subsequent login of the first user into the clientdevice; performing the task in the manifest to store the first user datato the remote storage; rebooting the user-space processes of the clientdevice as a second user, in response to receiving login information ofthe second user; displaying a user-specific user interface of the seconduser; executing a user-space computing process of the second user, inresponse to receiving one or more inputs to the user-specific userinterface of the second user; in response to receiving login informationof the second user and determining that the task in the manifest has notcompleted, continuing performing the task in the manifest that storesthe first user data to the remote storage.
 12. The medium of claim 11,wherein the client device comprises a tablet computing device, and theuser-specific user interface comprises a home page of the first user.13. The medium of claim 11, wherein the manifest includes one or moreaccess keys of the first user to a storage service where the first userdata is to be stored.
 14. The medium of claim 13, wherein the one ormore access keys are generated from at least a portion of the logininformation of the first user.
 15. The medium of claim 11, theoperations further comprising: deleting, from the manifest of the firstuser, the task to store the first user data, in response to determiningthat the task to store the first user data has been completed; anddeleting the manifest from the system storage, in response todetermining that there are no more tasks in the manifest for the firstuser.
 16. The medium claim 11, the operations further comprising:receiving a request to logout the second user; storing, in the manifestof the first user, status information indicating a completion status ofthe task to store the first user data, in response to determining thatthe task to store the first user data was not completed; generating, andpersisting in a system storage, a manifest for the second user thatincludes a task to store the second user data; rebooting the user-spaceprocesses of the client device as a third user, in response to receivinglogin information of the third user; executing a user-space computingprocess of the third user; completing the task in the manifest of thefirst user that stores the first user data; performing the task in themanifest of the second user that stores the second user data.
 17. Themedium of claim 11, wherein performing the task in the manifest of thefirst user further comprises: storing the first user data to a storageon the client device, and the first user data stored on the clientdevice is accessible to the first user at a subsequent login of thefirst user to the client device.
 18. A system comprising: a processingsystem coupled to a memory programmed with executable instructions that,when executed by the processing system perform operations, comprising:booting a client device as a first user, in response to receiving logininformation of the first user, wherein the client device is configuredto be used serially by multiple users, with a single user logged in at atime; displaying a user-specific user interface of the first user;executing a user-space computing process that generates data to bestored, thereby generating first user data, in response to receiving oneor more inputs to the user-specific user interface of the first user;receiving a request to logout the first user from the client device; inresponse to receiving the request to logout the first user from theclient device: generating, and persisting in a system storage, amanifest for the first user that includes a task to store the first userdata to a remote storage, wherein the first user data is accessible bythe first user at a subsequent login of the first user into the clientdevice; performing the task in the manifest to store the first user datato the remote storage; rebooting the user-space processes of the clientdevice as a second user, in response to receiving login information ofthe second user; displaying a user-specific user interface of the seconduser; executing a user-space computing process of the second user, inresponse to receiving one or more inputs to the user-specific userinterface of the second user; in response to determining that the taskin the manifest has not completed when the login of the second user isreceived, continuing performing the task in the manifest that comprisesstoring the first user data to the remote storage.
 19. The system ofclaim 18, wherein the client device comprises a tablet computing device,and the user-specific user interface of the first user comprises a homepage of the first user.
 20. The system of claim 18, wherein the manifestincludes one or more access keys of the first user to a storage servicewhere the first user data is to be stored.
 21. The system of claim 20,wherein the one or more access keys are generated from at least aportion of the login information of the first user.
 22. The system ofclaim 18, the operations further comprising: deleting, from the manifestof the first user, the task to store the first user data, in response todetermining that the task to store the first user data has beencompleted; and deleting the manifest from the system storage, inresponse to determining that there are no more tasks in the manifest forthe first user.
 23. The system claim 18, the operations furthercomprising: receiving a request to logout the second user; storing, inthe manifest of the first user, status information indicating acompletion status of the task to store the first user data, in responseto determining that the task to store the first user data was notcompleted; generating, and persisting in a system storage, a manifestfor the second user that includes a task to store the second user data;rebooting the user-space processes of the client device as a third user,in response to receiving login information of the third user; executinga user-space computing process of the third user; completing the task inthe manifest of the first user that stores the first user data;performing the task in the manifest of the second user that stores thesecond user data.
 24. The system of claim 18, wherein performing thetask in the manifest of the first user further comprises: storing thefirst user data to a storage on the client device, and the first userdata stored to the client device is accessible to the first user at asubsequent login of the first user to the client device.